Skip to main content

Certificate Services Support

User-added image


After signing with my Entrust Authenticode or Kernel Mode Code Signing Certificate Windows states that the file is not signed


Windows Vista do not support SHA2 (SHA256) Code Signing certificates at this time.

Windows 7 and Server 2008 require an update, please see Microsoft security advisory -


Windows 8 and up supports SHA2 Authenticode Certificates, you can use the Microsoft Signing Tool to sign with both SHA1 and SHA2 certificates. You will be required to issue two Authenticode Code Signing Certificates for both SHA1 and 2, for more information please follow the instruction suggested by Microsoft - Signing a driver package with two signatures".

Signing a driver package with two signatures

In some cases, you might want to sign a driver package with two different signatures. For example, suppose you want your driver to run on Windows 7 and Windows 8. Windows 8 supports signatures created with the SHA256 hashing algorithm, but Windows 7 does not. For Windows 7, you need a signature created with the SHA1 hashing algorithm.

Suppose you want to build and sign a driver package that will run on Windows 7 and Windows 8 on x64 hardware platforms. You can sign your driver package with a primary signature that uses SHA1. Then you can append a secondary signature that uses SHA256. You can use the same certificate for both signatures, or you can use separate certificates. Here are the steps to create the two signatures using Visual Studio.

  • In the Solution Explorer window, right-click Solution SolutionName, and choose Configuration Manager. For the driver project and the package project, set Configuration to Win7 Release, and set Platform to x64.
  • Open the property pages for the driver package. Navigate to Configuration Properties > Driver Signing > General. In the Sign Mode drop-down list, select Production Sign. For Production Certificate, enter the path to your signing certificate.
  • In the property pages for the driver package, navigate to Configuration Properties > Custom Build Step > General. For Description, select Performing Custom Build Step. For Execute After, selectDriverProductionSign. For Command Line, enter this command.

    Signtool sign /fd sha256 /ph /as /sha1 XX...XX $(TargetPath)

    where XX...XX is the hash of the certificate you are using for the the secondary signature.

    Note  To see the hash (also called the thumb print) of a certificate, open a Command Prompt window and navigate to the directory that contains your certificate. Enter the command certutil -dump CertName.pfx, whereCertName.pfx is the name of your certificate.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation: 
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call. 

Australia0011 - 800-3687-7863
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088